Wednesday, November 3, 2010

w3af 1.0-rc4 available

Andres Riancho has announced  that a new version of w3af is available.

Just to name a few things we've done for this release:  
* We've written new HOWTO documents for our users 
* Considerably improved the speed of all grep plugins 
* Replaced Beautiful Soup by the faster libxml2 library 
* Introduced the usage of XPATH queries that will allow us to improve performance and reduce false positives 
* Fixed hundreds of bugs
On this release you'll also find that after exploiting a vulnerability youcan leverage that access using our Web Application Payloads, a feature that we developed together with Lucas Apa from Bonsai Information Security. These payloads allow you to escalate privileges and will help you get from a low privileged vulnerability (e.g. local file read) to a remote code execution. In order to try them, exploit a vulnerability, get any type of shell and then run any of the following commands: help, lsp, payload tcp (the last one will show you the open connections in the remote box).

No comments:

Post a Comment